[jboss-jira] [JBoss JIRA] (WFCORE-3970) Reload Elytron ldap-key-store using JBoss CLI

Farah Juma (JIRA) issues at jboss.org
Fri Jul 20 14:33:00 EDT 2018


     [ https://issues.jboss.org/browse/WFCORE-3970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma moved EAP7-1064 to WFCORE-3970:
------------------------------------------

                             Project: WildFly Core  (was: EAP 7 Planning Pilot)
                                 Key: WFCORE-3970  (was: EAP7-1064)
                          Issue Type: Feature Request  (was: Requirement)
                            Workflow: GIT Pull Request workflow   (was: EAP Agile Workflow 2.0)
                         Component/s: Security
                                          (was: Security)
          Jirban PT Pre-Checked (PC):   (was: TODO)
                      Target Release:   (was: 7.2.0.GA)
       Jirban PT Community Docs (CD):   (was: TODO)
         Jirban PT Product Docs (PD):   (was: New)
             Jirban PT Test Dev (TD):   (was: TODO)
        Jirban PT Docs Analysis (DA):   (was: TODO)
            Jirban PT Test Plan (TP):   (was: TODO)
    Jirban PT Analysis Document (AD):   (was: TODO)


> Reload Elytron ldap-key-store using JBoss CLI
> ---------------------------------------------
>
>                 Key: WFCORE-3970
>                 URL: https://issues.jboss.org/browse/WFCORE-3970
>             Project: WildFly Core
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: Farah Juma
>            Assignee: Justin Cook
>
> It is not possible to reload the certificates dynamically for Elytron's *ldap-key-store*.
> If some changes have been made to the certificates present in the LDAP directory, then EAP needs to be restarted first in order to see those changes made in the LDAP directory, which is not ideal for production environments.
> For simple file-based keystores, the *load* operation is available:
> -------------------------
> [standalone@localhost:9990 /] /subsystem=elytron/key-store=twoWayKS:load()
> -------------------------
> But this option is missing for *ldap-key-store*:
> -------------------------
> [standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=LKS1:load()
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0031: No operation named 'load' exists at address [
>     (\"subsystem\" => \"elytron\"),
>     (\"ldap-key-store\" => \"LKS1\")
> ]",
>     "rolled-back" => true
> }
> -------------------------
> There should be such an option available to reload the content of the ldap-key-store without restarting the EAP server.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)